Hi,
Some of you know that I am unemployed.
I am looking for Application Security work, but am under qualified
compared to what places are asking for, which is someone who has been
doing this full time for 2 years.
I have been doing it part time for the last 2 years:
- writing processes including how to respond to a vulnerability in your
code or open source libs like Log4J,
- helping one (1) small team work through where their code was
vulnerable to the OWASP Top 10 (like, that's not how you use the OWASP
Top 10, but "they" made that decision without any input from me)
- a couple presentations to the devs about OWASP
I took Tanya Janca's 3-course certificate in App Sec.
However, if I can't get AppSec work, I am also interested in continuous
Integration (CI/CD) work, which is what I have been doing for years.
Rob